Agentic AI’s Identity Crisis Exposes Organizations to Cyber Threats
A growing concern in the cybersecurity community is that agentic artificial intelligence (AI) systems, which can authenticate, receive permissions, and take actions across production environments, are often given broad access with little oversight. This identity crisis has caught many organizations off guard, leaving them vulnerable to cyber attacks.
Agentic AI systems are not just another service or application category – they are digital actors that can call APIs, write code, trigger workflows, query databases, and take action autonomously. In many organizations, these agents have already been embedded into production environments using credentials, API tokens, OAuth grants, and cloud roles that often go uninventoried. As a result, the central security question is no longer just “what can the model say?” but rather “who is this agent, what is it allowed to do, who is responsible for its actions, and can we revoke or constrain it when something changes?”
Traditional identity programs built around humans have struggled to keep up with machine identities, which have multiplied across cloud and DevOps environments. However, agentic AI presents a new level of complexity due to its autonomy, scale, and decentralization. These agents can be created quickly, embedded into SaaS products, copied by developers, delegated permissions by users, and left running long after the original need is gone.
One of the main challenges in securing agentic AI systems is that traditional least privilege does not apply. With humans or service accounts, granting minimum static permissions for a role or function often suffices. However, an agent may require different access depending on its goal, the data involved, the user or system it’s acting on behalf of, and the environment it’s touching.
For instance, a support agent summarizing a ticket does not need the same privilege as one that can issue refunds, modify customer records, or execute commands in production. Similarly, a coding agent running in a sandbox is different from one that can open pull requests, access secrets, or deploy infrastructure.
Organizations are struggling to keep up with the growing number of agentic AI systems, known as “shadow AI,” which can be difficult to detect and secure. Without proper visibility into these agents’ activities, organizations risk not knowing which credentials they use, the scope of potential damage, or who is responsible when something goes wrong.
To mitigate this risk, organizations need to adopt new identity management strategies that prioritize intent-based policies, contextual access, and continuous evaluation. This requires a deeper understanding of agentic AI’s capabilities and limitations, as well as a more proactive approach to governance.
In conclusion, the identity crisis surrounding agentic AI systems is a pressing concern for cybersecurity professionals. As these agents continue to grow in number and influence, it’s essential that organizations prioritize their security and adopt strategies tailored to their unique needs. By doing so, they can ensure that these powerful tools are used safely and effectively, without compromising on innovation or control.
Practical takeaway: Organizations should start by conducting a thorough inventory of all agentic AI systems within their environments, mapping out their access and privileges, and implementing intent-based policies to limit their capabilities. This will require a collaborative effort between security teams, developers, and business leaders to ensure that these powerful tools are used responsibly and securely.
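The inventory and intent-based policy described above can be sketched as a per-request authorization check. This is an added example, not code from the article or any product; the agent names, intents, action strings, and the assumption that the orchestrator (not the agent) declares the intent are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Agent:             # one inventory record per agent identity
    agent_id: str
    owner: str           # accountable human or team
    expires: datetime    # forces periodic re-approval
    revoked: bool = False

UTC = timezone.utc
NOW = datetime(2026, 7, 1, tzinfo=UTC)  # constructed evaluation time
INVENTORY = {  # constructed sample inventory
    "support-bot": Agent("support-bot", "support-team", datetime(2026, 12, 31, tzinfo=UTC)),
    "old-bot": Agent("old-bot", "platform-team", datetime(2026, 1, 1, tzinfo=UTC)),
    "rogue-bot": Agent("rogue-bot", "dev-a", datetime(2026, 12, 31, tzinfo=UTC), revoked=True),
}
# Constructed policy: (declared intent, environment) -> actions allowed for that task.
# Assumption: the intent is set by the orchestrator, never self-declared by the agent.
POLICY = {
    ("summarize_ticket", "prod"): {"ticket:read"},
    ("issue_refund", "prod"): {"ticket:read", "refund:create"},
    ("code_review", "sandbox"): {"repo:read", "pr:open"},
}
# Actions that also require a user the agent is acting on behalf of.
NEEDS_DELEGATION = {"refund:create"}

def authorize(inventory, agent_id, intent, action, env, on_behalf_of=None, now=None):
    """Evaluate one request; meant to run on every action, not once at login."""
    now = now or datetime.now(UTC)
    agent = inventory.get(agent_id)
    if agent is None:
        return False, "unknown agent (not in inventory)"
    if agent.revoked:
        return False, f"revoked; owner={agent.owner}"
    if now >= agent.expires:
        return False, f"registration expired; owner={agent.owner}"
    if action not in POLICY.get((intent, env), set()):
        return False, f"action {action!r} outside intent {intent!r} in {env}"
    if action in NEEDS_DELEGATION and not on_behalf_of:
        return False, "action requires a delegating user"
    return True, f"allowed; owner={agent.owner}"

if __name__ == "__main__":
    print(authorize(INVENTORY, "support-bot", "summarize_ticket", "refund:create", "prod", now=NOW))
```

Every decision string carries the owner, so a denied or allowed action can be traced to the accountable team in logs.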
Source: Bleeping Computer — 2026-06-29